General
- Target: bb8868b850caab9c5d8b413e741e3ef166c9a84eb2be6c0b3fb8ecdac26da74f
- Size: 1.1MB
- Sample: 241106-sszxrsvnap
- MD5: 0791e1a27646f6d15f5f2782181e315f
- SHA1: 4211475ad7305addfb05dfb066c491a0dfa6839c
- SHA256: bb8868b850caab9c5d8b413e741e3ef166c9a84eb2be6c0b3fb8ecdac26da74f
- SHA512: 3be9335899d4156da6e9dc897f43ff07794e782e01da8d55f0c36acffbb3b5c715d71f7880b1b474daf95afdea86d24e3871848586df61dbb69ad5fbd1cbcbc4
- SSDEEP: 24576:syxWwC1N039t5RBXvZgkKLoPMgJ+VFCAqwaA8jTtIRAkt:bEUtt5R1vT2okgJ0IAhHoLk
- Static task: static1
- Behavioral task: behavioral1
- Sample: bb8868b850caab9c5d8b413e741e3ef166c9a84eb2be6c0b3fb8ecdac26da74f.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- Family: redline
- Botnet: lada
- C2: 185.161.248.90:4125
- auth_value: 0b3678897547fedafe314eda5a2015ba
Extracted
- Family: redline
- Botnet: disa
- C2: 185.161.248.90:4125
- auth_value: 93f8c4ca7000e3381dd4b6b86434de05
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)